Lenny Zeltser, of the SANS Internet Storm Center, posted his Three Laws of Behavior Dynamics for Information Security. These laws describe why people follow or don’t follow new security initiatives. Basically, they describe how people react to change overall, but Zeltser focuses on security change specifically.
In short, the laws are:
- Individuals will maintain their routines, letting status quo prevail unless a major imbalance occurs.
- Individuals will gravitate towards what’s personally gratifying and convenient when making decisions.
- An attempt to introduce change will be met with resistance at least equal in force and determination.
Read it all here.
Incidentally, if you’re a security professional or an IT geek who wants to check the daily pulse of security around the world, I’d recommend reading the SANS Handler’s Diary every day. The diary provides information and analysis about current Internet attacks/scans, vulnerabilities, vendor updates, various security topics, and their current Internet Threat Level.